Securing Dr. Robot

Medical device robots present a number of cybersecurity, privacy, and safety challenges that regulation and industry standards must address in order to safely and rapidly advance innovation in the field.

The University of Washington’s Computer Science Department recently highlighted the problem. Computer Science Researchers hacked a teleoperated surgical robot called the Raven II during a mock surgery. The hack involved moving pegs on a pegboard, launching a denial-of-service attack that stopped the robot, and making it impossible for a surgeon to remotely operate. The researchers maliciously controlled a wide range of the Raven II’s functions and overrode command inputs from the surgeon. The researchers designed the test to show how a malicious attack could easily hijack the operations of a medical device robot. The researchers concluded that established and readily available security mechanisms, like encryption and authentication, could have prevented some of these attacks.

The hack demonstrates that regulatory and standard-setting bodies should establish robotic medical device security standards. Standards will further the innovation and adoption of medical device robots, address public concerns, and lower litigation and insurance costs for manufacturers.

Patients must understand the risks with medical device robots. Hackers may attempt to hijack remotely controlled operations, spy on and harass patients, or gather patient data in violation of HIPAA privacy rules. Malicious coders may write malware to infect medical devices and disrupt operations. An “End-user” operator, such as a disgruntled or recently fired employee, may unlawfully gain access and maliciously use these robots, Programming defects can have tragic consequences.

These challenges have real consequences in the medical profession. According to the FDA’s MAUDE database reports, a robotic hand did not release tissue grasped during surgery, and a robotic arm hit a patient in the face while she lay on the operating table. A security audit by Essentia Health revealed that some individuals could hack vulnerable defibrillators and pumps that distribute antibiotics around the body. The audit blamed the possible hacks on a lack of authentication and encryption. It also found that hackers could easily take down medical records, reboot machines, and breach the firewalls of surgical robots.

Regulators should require that manufacturers and healthcare providers use some combination of these proactive security measures for their robotic medical devices. The authors of Regulating Healthcare Robots conclude: “Missing from current regulation is a proactive, pre-deployment mandate to incorporate security and privacy protections of information into the design of robotic systems, similar to the way the FDA proactively regulates physical safety.” While the HIPAA Privacy Rule provides protections for individual health information collected by robots in healthcare, it does not provide enough informational or physical security for patients. Regulators should improve security by providing more proactive standards.

The FDA should adopt fresh standards for robotic medical devices. It has created a mechanism for fast-track review of medical devices, and it has set performance and safety standards for devices such as the Artificial Pancreas Device System (APDS). Elena Ponte concludes: “Innovative and emerging technologies are driving the regulatory process to become more flexible, and the FDA seems to understand that its role is crucial in the safe and efficient development of these devices.” To demonstrate such flexibility, the FDA should follow the GAO’s recommendation and expand its focus on information security risks in robotic medical devices.

Recent proposals by the White House and the FTC itself indicate that the role of the FTC in protecting health information, both with HIPAA covered entities and in the HIPAA-free zone, may be expanding. The security and privacy issues arising with robots in healthcare, currently marginalized under existing regulatory frameworks, demonstrate why the FTC may play a critical role in encouraging concepts such as privacy and security by design, which will help maintain responsible design and deployment of robots in the coming years and enable further innovation in this critical area.

The FTC created standards for robots in the manufacturing industry during the 1960s. It could do so again with robotic medical devices. Also, standard setters like the International Organization for Standards (ISO) could play a role.

The FDA, FTC, and ISO should establish clear security standards for robotic medical devices. An effective standard would require manufacturers and healthcare providers to employ most of Julian Roosa’s measures. A multilayered approach will provide security. Whatever standards are ultimately adopted, security is essential to the development of useful and life-saving robotic medical devices. Regulators and lawmakers should keep security in mind as robots find their place in the healthcare industry.